Skip to content

Commit e624be5

Browse files
achoimetachoimet
committed
feat: add tls for compatibility with SASL_SSL security protocol
1 parent e0c692e commit e624be5

File tree

5 files changed

+18
-21
lines changed

5 files changed

+18
-21
lines changed

README.md

Lines changed: 13 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -17,19 +17,19 @@ The extension-kafka is using these capacities, thus may need elevated rights on
1717

1818
## Configuration
1919

20-
| Environment Variable | Helm value | Meaning | Required | Default |
21-
|---------------------------------------------------------------------|------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|---------|
22-
| `STEADYBIT_EXTENSION_SEED_BROKERS` | `kafka.seedBrokers` | Brokers hosts (without scheme) with port separated by comma (example: "localhost:9092,localhost:9093" | yes | |
23-
| `STEADYBIT_EXTENSION_SASL_MECHANISM` | `kafka.auth.saslMechanism` | PLAIN, SCRAM-SHA-256, or SCRAM-SHA-512 | no | |
24-
| `STEADYBIT_EXTENSION_SASL_USER` | `kafka.auth.saslUser` | Sasl User | no | |
25-
| `STEADYBIT_EXTENSION_SASL_PASSWORD` | `kafka.auth.saslPassword` | Sasl Password | no | |
26-
| `STEADYBIT_EXTENSION_KAFKA_CLUSTER_CERT_CHAIN_FILE` | `kafka.auth.kafkaClusterCertChainFile` | The client certificate in PEM format. | no | |
27-
| `STEADYBIT_EXTENSION_KAFKA_CLUSTER_CERT_KEY_FILE` | `kafka.auth.kafkaClusterCertKeyFile` | The private key associated with the client certificate. | no | |
28-
| `STEADYBIT_EXTENSION_KAFKA_CLUSTER_CA_FILE` | `kafka.auth.kafkaClusterCaFile` | The Certificate Authority (CA) certificate in PEM format. | no | |
29-
| `STEADYBIT_EXTENSION_KAFKA_USE_TLS` | `kafka.auth.useTLS` | Switch to "true" to use a TLS connection, empty by default, will use SystemCertPool for RootCAs by default. Specify the certificates attributes above to change the TLS parameters | no | |
30-
| `STEADYBIT_EXTENSION_DISCOVERY_ATTRIBUTES_EXCLUDES_BROKERS` | `discovery.attributes.excludes.broker` | List of Broker Attributes which will be excluded during discovery. Checked by key equality and supporting trailing "*" | no | |
31-
| `STEADYBIT_EXTENSION_DISCOVERY_ATTRIBUTES_EXCLUDES_TOPICS` | `discovery.attributes.excludes.topic` | List of Broker Attributes which will be excluded during discovery. Checked by key equality and supporting trailing "*" | no | |
32-
| `STEADYBIT_EXTENSION_DISCOVERY_ATTRIBUTES_EXCLUDES_CONSUMER_GROUPS` | `discovery.attributes.excludes.consumer` | List of Broker Attributes which will be excluded during discovery. Checked by key equality and supporting trailing "*" | no | |
20+
| Environment Variable | Helm value | Meaning | Required | Default |
21+
|---------------------------------------------------------------------|------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------|----------|---------|
22+
| `STEADYBIT_EXTENSION_SEED_BROKERS` | `kafka.seedBrokers` | Brokers hosts (without scheme) with port separated by comma (example: "localhost:9092,localhost:9093" | yes | |
23+
| `STEADYBIT_EXTENSION_SASL_MECHANISM` | `kafka.auth.saslMechanism` | PLAIN, SCRAM-SHA-256, or SCRAM-SHA-512 | no | |
24+
| `STEADYBIT_EXTENSION_SASL_USER` | `kafka.auth.saslUser` | Sasl User | no | |
25+
| `STEADYBIT_EXTENSION_SASL_PASSWORD` | `kafka.auth.saslPassword` | Sasl Password | no | |
26+
| `STEADYBIT_EXTENSION_KAFKA_CLUSTER_CERT_CHAIN_FILE` | `kafka.auth.kafkaClusterCertChainFile` | The client certificate in PEM format. | no | |
27+
| `STEADYBIT_EXTENSION_KAFKA_CLUSTER_CERT_KEY_FILE` | `kafka.auth.kafkaClusterCertKeyFile` | The private key associated with the client certificate. | no | |
28+
| `STEADYBIT_EXTENSION_KAFKA_CLUSTER_CA_FILE` | `kafka.auth.kafkaClusterCaFile` | The Certificate Authority (CA) certificate in PEM format. | no | |
29+
| `STEADYBIT_EXTENSION_KAFKA_CONNECTION_USE_TLS` | `kafka.auth.useTLS` | Switch to "true" to use a TLS connection with default system certs, fill the certs fields above if you want to tune the tls connection. | no | |
30+
| `STEADYBIT_EXTENSION_DISCOVERY_ATTRIBUTES_EXCLUDES_BROKERS` | `discovery.attributes.excludes.broker` | List of Broker Attributes which will be excluded during discovery. Checked by key equality and supporting trailing "*" | no | |
31+
| `STEADYBIT_EXTENSION_DISCOVERY_ATTRIBUTES_EXCLUDES_TOPICS` | `discovery.attributes.excludes.topic` | List of Broker Attributes which will be excluded during discovery. Checked by key equality and supporting trailing "*" | no | |
32+
| `STEADYBIT_EXTENSION_DISCOVERY_ATTRIBUTES_EXCLUDES_CONSUMER_GROUPS` | `discovery.attributes.excludes.consumer` | List of Broker Attributes which will be excluded during discovery. Checked by key equality and supporting trailing "*" | no | |
3333

3434
The extension supports all environment variables provided
3535
by [steadybit/extension-kit](https://github.com/steadybit/extension-kit#environment-variables).

charts/steadybit-extension-kafka/templates/deployment.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -99,7 +99,7 @@ spec:
9999
secretKeyRef:
100100
name: {{ include "kafka.auth.secret.name" . }}
101101
key: caFile
102-
- name: STEADYBIT_EXTENSION_KAFKA_USE_TLS
102+
- name: STEADYBIT_EXTENSION_KAFKA_CONNECTION_USE_TLS
103103
valueFrom:
104104
secretKeyRef:
105105
name: {{ include "kafka.auth.secret.name" . }}

config/config.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@ type Specification struct {
1717
SaslMechanism string `json:"saslMechanism" required:"false" split_words:"true"`
1818
SaslUser string `json:"saslUser" required:"false" split_words:"true"`
1919
SaslPassword string `json:"saslPassword" required:"false" split_words:"true"`
20-
UseTLS string `json:"useTLS" required:"false" split_words:"true"`
20+
KafkaConnectionUseTLS string `json:"kafkaConnectionUseTLS" required:"false" split_words:"true"`
2121
KafkaClusterCertChainFile string `json:"kafkaClusterCertChainFile" required:"false" split_words:"true"`
2222
KafkaClusterCertKeyFile string `json:"kafkaClusterCertKeyFile" required:"false" split_words:"true"`
2323
KafkaClusterCaFile string `json:"kafkaClusterCaFile" required:"false" split_words:"true"`

extkafka/common.go

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -161,9 +161,7 @@ func createNewClient(brokers []string) (*kgo.Client, error) {
161161
}
162162

163163
opts = append(opts, kgo.DialTLSConfig(tlsConfig))
164-
}
165-
166-
if config.Config.UseTLS == "true" {
164+
} else if config.Config.KafkaConnectionUseTLS == "true" {
167165
tlsDialer := &tls.Dialer{NetDialer: &net.Dialer{Timeout: 10 * time.Second}}
168166
opts = append(opts, kgo.Dialer(tlsDialer.DialContext))
169167
}
@@ -172,6 +170,7 @@ func createNewClient(brokers []string) (*kgo.Client, error) {
172170
if err != nil {
173171
return nil, fmt.Errorf("failed to initialize kafka client: %s", err.Error())
174172
}
173+
log.Debug().Msgf("Initiating client with: %v", opts)
175174

176175
return client, nil
177176
}

main.go

Lines changed: 1 addition & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -193,9 +193,7 @@ func testBrokerConnection() {
193193
}
194194

195195
opts = append(opts, kgo.DialTLSConfig(tlsConfig))
196-
}
197-
198-
if config.Config.UseTLS == "true" {
196+
} else if config.Config.KafkaConnectionUseTLS == "true" {
199197
tlsDialer := &tls.Dialer{NetDialer: &net.Dialer{Timeout: 10 * time.Second}}
200198
opts = append(opts, kgo.Dialer(tlsDialer.DialContext))
201199
}

0 commit comments

Comments
 (0)